---|
15 | |
---|
16 | (* * Tools for small-step operational semantics *) |
---|
17 | |
---|
18 | (* * This module defines generic operations and theorems over |
---|
19 | the one-step transition relations that are used to specify |
---|
20 | operational semantics in small-step style. *) |
---|
21 | |
---|
---|
36 | (* * * Closures of transitions relations *) |
---|
37 | |
---|
38 | record transrel : Type[1] ≝ { |
---|
39 | genv : Type[0]; |
---|
40 | state: Type[0]; |
---|
41 | step : genv → state → trace → state → Prop |
---|
42 | }. |
---|
43 | |
---|
---|
58 | (* * No transitions: stuck state *) |
---|
59 | |
---|
60 | definition nostep ≝ λtr:transrel. λge: genv tr. λs: state tr. |
---|
61 | ∀t,s'. ¬((step tr) ge s t s'). |
---|
62 | |
---|
63 | (* * Zero, one or several transitions. Also known as Kleene closure, |
---|
64 | or reflexive transitive closure. *) |
---|
65 | |
---|
66 | inductive star (tr:transrel) (ge: genv tr): state tr -> trace -> state tr -> Prop := |
---|
67 | | star_refl: ∀s. |
---|
68 | star tr ge s E0 s |
---|
69 | | star_step: ∀s1,t1,s2,t2,s3,t. |
---|
70 | (step tr) ge s1 t1 s2 -> star tr ge s2 t2 s3 -> t = t1 ⧺ t2 -> |
---|
71 | star tr ge s1 t s3. |
---|
72 | |
---|
73 | lemma star_one: |
---|
74 | ∀tr,ge,s1,t,s2. (step tr) ge s1 t s2 -> star tr ge s1 t s2. |
---|
75 | #tr #ge #s1 #t #s2 #H @(star_step … H (star_refl …)) |
---|
76 | >(E0_right …) //; |
---|
77 | qed. |
---|
78 | |
---|
79 | lemma star_trans: |
---|
80 | ∀tr,ge,s1,t1,s2. star tr ge s1 t1 s2 -> |
---|
81 | ∀t2,s3,t. star tr ge s2 t2 s3 -> t = t1 ⧺ t2 -> star tr ge s1 t s3. |
---|
82 | #tr #ge #s1 #t1 #s2 #H elim H; |
---|
83 | [ #s #t2 #s3 #t #H0 #H1 >H1 normalize; //; |
---|
84 | | #s #t #s' #t' #s'' #t'' #H0 #H1 #H2 #H3 |
---|
85 | #t2 #s3 #t3 #H4 #H5 |
---|
86 | @(star_step … H0 (H3 … H4 …) ?) |
---|
87 | [ @(t'⧺t2) |
---|
88 | | // |
---|
89 | | <(Eapp_assoc …) <H2 @H5 |
---|
90 | ] |
---|
91 | ] |
---|
92 | qed. |
---|
93 | |
---|
94 | lemma star_left: |
---|
95 | ∀tr,ge,s1,t1,s2,t2,s3,t. |
---|
96 | (step tr) ge s1 t1 s2 -> star tr ge s2 t2 s3 -> t = t1 ⧺ t2 -> |
---|
97 | star tr ge s1 t s3. |
---|
98 | @star_step |
---|
99 | qed. |
---|
100 | |
---|
101 | lemma star_right: |
---|
102 | ∀tr,ge,s1,t1,s2,t2,s3,t. |
---|
103 | star tr ge s1 t1 s2 -> (step tr) ge s2 t2 s3 -> t = t1 ⧺ t2 -> |
---|
104 | star tr ge s1 t s3. |
---|
105 | #tr #ge #s1 #t1 #s2 #t2 #s3 #t #H1 #H2 #H3 |
---|
106 | @(star_trans … H1 … (star_one … H2)) @H3 |
---|
107 | qed. |
---|
108 | |
---|
109 | (* * One or several transitions. Also known as the transitive closure. *) |
---|
110 | |
---|
111 | inductive plus (tr:transrel) (ge: genv tr): state tr → trace → state tr → Prop ≝ |
---|
112 | | plus_left: ∀s1,t1,s2,t2,s3,t. |
---|
113 | step tr ge s1 t1 s2 -> star tr ge s2 t2 s3 -> t = t1 ⧺ t2 -> |
---|
114 | plus tr ge s1 t s3. |
---|
115 | |
---|
116 | lemma plus_one: |
---|
117 | ∀tr,ge,s1,t,s2. |
---|
118 | step tr ge s1 t s2 -> plus tr ge s1 t s2. |
---|
119 | #tr #ge #s1 #t #s2 #H @(plus_left … H (star_refl …)) |
---|
120 | >(E0_right …) //; |
---|
121 | qed. |
---|
122 | |
---|
123 | lemma plus_star: |
---|
124 | ∀tr,ge,s1,t,s2. plus tr ge s1 t s2 -> star tr ge s1 t s2. |
---|
125 | #tr #ge #s1 #t #s2 #H elim H; #s1' #t1' #s2' #t2' #s3' #t3' #H1 #H2 #e1 |
---|
126 | @(star_step … H1 H2 …) @e1; |
---|
127 | qed. |
---|
128 | |
---|
129 | lemma plus_right: |
---|
130 | ∀tr,ge,s1,t1,s2,t2,s3,t. |
---|
131 | star tr ge s1 t1 s2 -> step tr ge s2 t2 s3 -> t = t1 ⧺ t2 -> |
---|
132 | plus tr ge s1 t s3. |
---|
133 | #tr #ge #s1 #t1 #s2 #t2 #s3 #t3 #Hstar #Hstep #e1 inversion Hstar; |
---|
134 | [ #s2' #e2 #e3 #e4 destruct; @plus_one //; |
---|
135 | | #s1' #t1' #s1'' #t1'' #s2' #t2' #H1 #H2 #e2 #foo #e3 #e4 #e5 |
---|
136 | >e1 >e4 >e2 >Eapp_assoc destruct @(plus_left … H1) |
---|
137 | [ 2: @(star_right … H2 Hstep) //; |
---|
138 | | skip; |
---|
139 | | // |
---|
140 | ] |
---|
141 | ] |
---|
142 | qed. |
---|
---|
206 | (* * Infinitely many transitions *) |
---|
207 | |
---|
208 | coinductive forever (tr:transrel) (ge: genv tr): state tr -> traceinf -> Prop := |
---|
209 | | forever_intro: ∀s1,t,s2,T. |
---|
210 | step tr ge s1 t s2 -> forever tr ge s2 T -> |
---|
211 | forever tr ge s1 (t ⧻ T). |
---|
212 | |
---|
213 | lemma star_forever: |
---|
214 | ∀tr,ge,s1,t,s2. star tr ge s1 t s2 -> |
---|
215 | ∀T. forever tr ge s2 T -> |
---|
216 | forever tr ge s1 (t ⧻ T). |
---|
217 | #tr #ge #s1 #t1 #s2 #H elim H; |
---|
218 | [ #s' #T #H2 @H2 |
---|
219 | | #s1' #t1 #s0 #t0 #s2' #t2' #H1 #H2 #e1 #IH #T #H3 |
---|
220 | >e1 >(Eappinf_assoc …) |
---|
221 | % /2/; |
---|
222 | ] qed. |
---|
---|
309 | (* * Infinitely many silent transitions *) |
---|
310 | |
---|
311 | coinductive forever_silent (tr:transrel) (ge: genv tr): state tr → Prop ≝ |
---|
312 | | forever_silent_intro: ∀s1,s2. |
---|
313 | step tr ge s1 E0 s2 → forever_silent tr ge s2 → |
---|
314 | forever_silent tr ge s1. |
---|
---|
380 | (* * * Outcomes for program executions *) |
---|
381 | |
---|
382 | (* * The four possible outcomes for the execution of a program: |
---|
383 | - Termination, with a finite trace of observable events |
---|
384 | and an integer value that stands for the process exit code |
---|
385 | (the return value of the main function). |
---|
386 | - Divergence with a finite trace of observable events. |
---|
387 | (At some point, the program runs forever without doing any I/O.) |
---|
388 | - Reactive divergence with an infinite trace of observable events. |
---|
389 | (The program performs infinitely many I/O operations separated |
---|
390 | by finite amounts of internal computations.) |
---|
391 | - Going wrong, with a finite trace of observable events |
---|
392 | performed before the program gets stuck. |
---|
393 | *) |
---|
394 | |
---|
395 | inductive program_behavior: Type[0] := |
---|
396 | | Terminates: trace -> int -> program_behavior |
---|
397 | | Diverges: trace -> program_behavior |
---|
398 | | Reacts: traceinf -> program_behavior |
---|
399 | | Goes_wrong: trace -> program_behavior. |
---|
400 | |
---|
401 | definition not_wrong : program_behavior → Prop ≝ λbeh. |
---|
402 | match beh with |
---|
403 | [ Terminates _ _ => True |
---|
404 | | Diverges _ => True |
---|
405 | | Reacts _ => True |
---|
406 | | Goes_wrong _ => False |
---|
407 | ]. |
---|
408 | |
---|
409 | (* * Given a characterization of initial states and final states, |
---|
410 | [program_behaves] relates a program behaviour with the |
---|
411 | sequences of transitions that can be taken from an initial state |
---|
412 | to a final state. *) |
464 | |
---|
465 | record semantics : Type[1] ≝ |
---|
466 | { trans :> transrel |
---|
467 | ; initial : (state trans) → Prop |
---|
468 | ; final : (state trans) → int → Prop |
---|
469 | ; ge : (genv trans) |
---|
470 | }. |
---|
471 | |
---|
---|